Posted
by
kdawson
on Saturday September 26, 2009 @05:43PM
from the oops-our-bad dept.

An anonymous reader writes "The Rocky Mountain Bank, based in Wyoming, accidentally sent confidential financial information to the wrong Gmail account. When Google refused to identify the innocent account owner's information, citing its privacy policy, the bank filed in Federal court to have the account deactivated and the user's information revealed. District Judge James Ware granted the bank's request, with the result that the user has had his email access cut off without any wrongdoing or knowledge of why." The Reg's earlier story says, "Rocky Mountain Bank had asked to court to keep its suit under seal, hoping to avoid panic among its customers and a 'surge of inquiry.' But obviously, this wasn't successful."

...wait. I mean, the account holder at this point has probably seen and done any damage that they are going to do with this information. How precisely is this going to help the bank's cause?

Of course, the account may be inactive and they may well have gotten to it before the person who owned it logged in again, but I do have to wonder why it is the recipient's problem that the bank sent this information. If the bank sent me that sort of information in the mail, does that mean that the county can order my house burned down to make sure I can't read that mail, even though I probably have already read it in full?

These decisions make no sense to me sometimes and it scares me because for some things I use only one email account and if my contacts disappeared, I might not be able to find some of these people again easily. I guess it's time to start backing up all my account data to my home machine by default.

This is yet another strike against "cloud computing" taking over. If they can order your account just plain zapped because a bank fucked up, I don't see how anyone's data is safe. At least if you had it stored at home or at work on your own machine, you'd at least know what the hell happened to it.

I'll tell you why they do this, they are outright fucking dumb. That's basically it. If the IT guy knows about encryption, he has no power to make it happen, but most of the time he's barely able to type let alone do IT stuff.

Banks just don't pay for shit unless you are a VP or own the place, so they get the crappiest IT help.

"Due diligence" means "cover your ass", and has NO OTHER MEANING in the banking community. Everywhere else it means "make a good effort to do the best you can to the spirit of the task".

Granted, this breech is considerably dumber than average, but of the banks I have worked with, every single one of them at one time or another had some sort of institutional problem understanding and implementing some of the most basic data safety measures.

The Feds have been much more pushy about it recently, so it will improve. And a lot of the old guard is finally dying off, and you'll see bank leaders that have had more than "type this letter" (to the secretary) experience with computers.

Not from the United States and not too familiar with the U.S. Constitution, but wouldn't this be a blatant violation of the first amendment?

There is a clearly innocent party here who has had a primary communication medium forcibly disconnected. Not only can they not talk about this confidential material (which there may be an argument for preventing), but they can't talk to anyone about anything. That sounds like a massive violation of freedom of expression...

Actually, your scenario kinda-sorta happened to the Mayor of Berwyn Maryland. A scam where drugs are shipped to a random (innocent) person, to be taken later from the porch by an accomplice. In this case, brain-dead police investigators and a swat team charged into the innocent man's house, shot his dogs, and arrested him, his wife, and his elderly mother. He still awaits even an apology for the horrifying incident. There is very little actual 'justice' in the justice system.

Securitizing the mortgages alone is not evil. The problem was that those bundles had been valued based on model built using historical data. When a lot of banks started buying up mortgages to put in these bundles the guys arranging the mortgages significantly changed their behaviour in order to get more. That change in behaviour (salesmen becoming writing much more shakey mortgages) invalidated the model used to value them, so the banks bought stuff for a lot more than it was worth, leading to the credit crisis.

You can call people evil, greedy and stupid all you want, but that's not going to get your money back and it won't prevent it happening again. The key problem here is that the banks broke the First Rule of Engineering, they trusted a computer model and thus failed to scrutinize their purchases properly. The government allowed them to make these purchases without proper due dilligence, the salesmen sold mortgages they knew would likely end up in default and the families took out mortgages without a plan to pay it off.

If you think those lapses are greedy, evil and stupid, then fine. However, the morale of this whole credit crisis and subsequent recession should be: If it's important, hire an engineer to do it.

I worked for a payroll company doing programming work on their direct deposit system. It was my first "real" job as a professional. The banks that we'd interface with would routinely drop transactions, "misplace" client balances and just generally make our lives hell. The backwash from a bank mishandling a million dollar payroll is simply incredible. Since everyone uses direct deposit and automatic bill pay, a hiccup (sometime a week long) would cause a cascading chain of overdraft or late fees for many, many employees. All of these would need to be dealt with. How the hell do you misplace a million dollars?

When you're young you'll generally develop some bizarre idea that adults know what they're doing. If you're lucky you get this knocked out of you early on. If you ever run into an adult that disagrees with the "the older I get the less I know" quote, walk away fast.

...every few weeks. I have tried to contact the bank (Chase) to let them know that they're sending to the wrong account.

They make it fucking impossible to contact them - UNLESS I log on with the account to do so (or call them, which I don't feel like doing because I don't live in the USA).

Every couple weeks I reply to the email (even though it says "don't reply", it has a unique reply-to, so I hold out some hope that maybe someone keeps an eye on the occasional reply). This has been going on for months. Attempts to navigate the website to find a simple contact page appear to be futile - there/must/ be one (right?) but I can't find it at a glance, and how much time should I be investing in this, seriously?!

I haven't looked at the emails closely because I don't care what's in them, but I'm sure there's some personal/confidential information in them - and if not, as the owner of the email address, I'm sure I could request some more stuff to get sent to me.

I really want to fix this problem, rather than just hit 'spam' so gmail bins them all (which helps noone, I feel). But the bank has not taken this scenario into account adequately enough - and until they are forced to, they just won't bother.

(Why do banks send emails at all? They should/only/ ever send emails to people that have opted in with a public key so they can be securely signed. Yes, that cuts out a lot of people, but seriously, the people that it cuts out will be better off for it.)

The repackaging of subprime mortgages into valued securities was one problem but it might not have caused a collapse had the banks not also willingly massively over leveraged [wikipedia.org] - at 30 to 1 it only takes a 3% downturn in the market and your bank is insolvent...

No, I'm saying that if you can only afford to pay back a $5000 loan then they shouldn't offer you a $50000 loan...

But who determines how much is too much? The bank? According to your views, they've been screwing up and can't be trusted to assess loans. The government? They got the banks here in the first place with stupid regulations.

To be blunt, I'm a 'risk'. They could loan me $100,000 and I could pay back every cent. Hell--I could win the lottery tomorrow and pay the loan in full immediately. Of course I could also get fired or laid off from my job tomorrow too and then jump off a bridge. They'd never see a red cent. They'd have to sell the house and hope to get a return.

It all boils down to risk/reward. Are you going to dump tons of money on someone who might just screw you over? If the potential reward is big enough you will. That's what banks are doing.

They may be willing to give me $100,000 if they know that after 30 years they will have made an extra $20k on it. And if the risk is that I don't repay--they can take my house, sell it, and hopefully make some/all of the $100,000 back.

Only idiots buy $250,000 houses that are really worth $150,000 when all they can afford is $100,000.

But in the end, the banks that 'risked' it are getting screwed because they lent $250,000 for a $150,000 house, made $20,000 off the borrower, and then got stuck $80,000 in the hole.

...and now you, I, and everyone else that pays taxes are bailing out the banks that lost big-time.

When did the government get the power to take money from me for the bad decisions of banks and sub-prime borrowers?

You can not ensure "health". Everyone dies sooner or later. If you have money, it will be later, on average.

If you don't have employer subsidized health care, there are very reasonable, low cost, high deductible health insurance policies that will protect you from a disastrous medical bill. It is irresponsible not to have such a policy, if you have anything at all to lose (like a house).

How we got to the notion that "health insurance" should cover every little thing is ridiculous. Think about how much your car insurance would cost if it covered oil changes and brake jobs, or how about if your home owners insurance covered painting, fence repair and replacing your carpet for normal wear and tear?

The families who took the money were on the edge of desperation - looking for any way out.

No, they weren't. Most people who took out low rate ARM mortgages in the early mid 2000s fell into several categories: the ignorant, ill-informed (maliciously or otherwise), or my favorite, seduced by TV networks who made "flipping" a property seem a guaranteed way to make hundreds of thousands of dollars a year. The waves of people I've seen on those shows, even now, who seem to think that anything less than $100,000 profit on a purchase, some renovations, and a six month turn-around is unacceptable is staggering.

Even now, watch the very vast majority of those shows, particularly the ones where people do renovations, and have before/after valuations. "You spent how much on your new kitchen?" "$15,000" "Great, you just added $30,000 value to the home. Now, how about the bathroom?" "We spent $8,000 in here." "Excellent, looking around, I'd say you added $20,000 to the value of the home", and so on, ad nauseaum. Add this up, and you have, in my view, a hidden culprit, along with the RE agents who were pretty much as a whole in lock-step with these mantras pushed by TV onto their clients, of the housing bust.

That $23,000 you invested in the home is only worth $50,000 if you can find the one born every minute to sell it to. Eventually, that got so outrageous, and so out of tune with reality, that people realized they were paying $50,000 for $23,000 of renovations on a home by a "flipper", and balked. And down came the house of cards.

Oh no! You must not do anything that could cause your email to end up in those idiots contact-lists.Next time they may send something to YOUR account! Then you can kiss your account goodbye.

Come to think of it, that is a great way to get rid of a person online. Just get him on that mailers list and the court will shut him out for ya.The worst thing is, now there is precedence in such a case so the next one is just blind copy/paste. Thow won't be abused. Surely not. The world is not that evil.

What I don't understand is why food and fuel isn't included in inflation. I'm not rich, supporting a wife and son and most of my money goes to food and fuel. While my government (Canada) claims that inflation is actually negative, I go to the grocery store and everything seems to be up. A bag of potatoes is close to $10, a can of beans is close to a dollar, last week it was actually cheaper to buy (a cheap cut of) steak then hamburger.Gas keeps going up in price and I need to drive to make money.Housing has gotten ridiculous. I was talking to someone and she was bitching that her house that she bought new a couple of years ago for $350,000 has dropped in value from $750,000 to $685,000. This is just an ordinary house on an ordinary lot 35 miles out of the big city.

You've given an example of a somewhat flawed password scheme. You've never tried to brute-force a password, have you?

Most people, left to themselves, will have a password that consists of all lower-case letters, and maybe a couple of numbers at the end. This gives you 36^8 possible choices for a password. Adding uppercase and numbers gives you 62^8 choices, making the password take approximately twice as long to crack.

Most people will choose very bad passwords, usually dictionary words. There are by most accounts less than a million words in the English language; you're reducing the keyspace by a factor of millions if you can use a dictionary attack.

Your password scheme is better than a simple 8-character lowercase password by many orders of magnitude even assuming that the lowercase password is randomly generated. In reality, that will rarely be the case. The upshot is basically that without a password scheme such as yours, any password will likely be broken in seconds or minutes, and with your password scheme, breaking the password within weeks may be infeasible.

Yep, you read that right. Thirty five fucking dollars for 2 tylenol. If they told me in advance, I would have said "stuff it. I got tylenol at home assholes".

There is no accountability in health care for keeping costs down. Health insurance is a misnomer because everyone needs health care at some point. It's gone from insuring yourself against catastrophic financial repercussions due to personal injury and illness, to a giant socialistic slush fund where we all dump in hundreds of dollars per month which we then spend when we go to the doctor and pay a small co-pay and somehow think we saved money.

Here in Minnesota, we have a lot of clinics that offer basic health services at a fraction of what you would pay at a normal doctor or hospital. We need a lot more clinics nationwide that offer these types of health services without breaking the bank. Insurance won't go down as long as the health care system is structured as it is.

I've worked with SWAT teams before (as part of the on call paramedic team). Most of the teams are regional in my area and the local police, almost to a man, hate working with them.

Their commanders don't share information with the local officers, they simply brief them with with "corridors" to establish and almost comically vague descriptions of their target. 9 times out of 10 patrol officers know who the guy is and could simple arrest him while he/she walk to their car without the fuss, but aren't asked for help other than maintaining a perimeter.

The team members are usually high strung to the point of nervousness. You see the training videos where the guys walk into the building in a tactical crouch with cover from the guy in front of them?? Where every movement is controlled and the guys are shouting commands to each other? That's not what you actually get. It's more like an episode of cops after a car or foot chase. The officers are twitchy and amped up BEFORE they even go in and once they door is opened (god help the target is they have to pop the door!) they are tripping over all the boxes and tables and cloths on the floor. It's seriously a 15-20 second madhouse that ends up with officers and residents on the floor and tonnes of broken shit everywhere. (and that why I love working for them!)

Hell, I could go on and on about the humorous stuff that I've seen, but it has to be measured with the fact that they do a tough job and are almost Pavlovian in their approach to any situation. The tactical guys aren't bad in any sense of the word...they are a product of their training and it's set up to keep them safe. It's the folks that call for the SWAT teams that are really nutjobs and ass covering tbags . Once a SWAT team is dispatched, it's assumed that they guy is a heavy and have to be treated as such, even when he's not home, or in the best call ever, was already in the village jail when they raided his home. No matter what happens...wrong place, guy not home, dog kicked and dead, grandmother popped in the face with a bloody nose, etc., you will almost never hear a SWAT commander or officer say a mistake was made.